Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-02-14 00:19:16 +01:00
Code Issues Projects Releases Wiki Activity
2c05f1a0ce
unleash.unleash/src/lib/services/access-service.test.ts

288 lines
8.7 KiB
TypeScript
Raw Normal View History

chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
import NameExistsError from '../error/name-exists-error';
import getLogger from '../../test/fixtures/no-logger';
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
import { createFakeAccessService } from '../features/access/createAccessService';
feat: audit roles (#5408) ## About the changes Audit changes to roles both root and project roles.
2023-11-24 14:22:31 +01:00
import {
AccessService,
chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit.
2024-03-18 13:58:05 +01:00
type IRoleCreation,
type IRoleValidation,
feat: audit roles (#5408) ## About the changes Audit changes to roles both root and project roles.
2023-11-24 14:22:31 +01:00
} from './access-service';
feat: custom root roles (#3975) ## About the changes Implements custom root roles, encompassing a lot of different areas of the project, and slightly refactoring the current roles logic. It includes quite a clean up. This feature itself is behind a flag: `customRootRoles` This feature covers root roles in: - Users; - Service Accounts; - Groups; Apologies in advance. I may have gotten a bit carried away 🙈 ### Roles We now have a new admin tab called "Roles" where we can see all root roles and manage custom ones. We are not allowed to edit or remove *predefined* roles. ![image](https://github.com/Unleash/unleash/assets/14320932/1ad8695c-8c3f-440d-ac32-39746720d588) This meant slightly pushing away the existing roles to `project-roles` instead. One idea we want to explore in the future is to unify both types of roles in the UI instead of having 2 separate tabs. This includes modernizing project roles to fit more into our current design and decisions. Hovering the permissions cell expands detailed information about the role: ![image](https://github.com/Unleash/unleash/assets/14320932/81c4aae7-8b4d-4cb4-92d1-8f1bc3ef1f2a) ### Create and edit role Here's how the role form looks like (create / edit): ![image](https://github.com/Unleash/unleash/assets/14320932/85baec29-bb10-48c5-a207-b3e9a8de838a) Here I categorized permissions so it's easier to visualize and manage from a UX perspective. I'm using the same endpoint as before. I tried to unify the logic and get rid of the `projectRole` specific hooks. What distinguishes custom root roles from custom project roles is the extra `root-custom` type we see on the payload. By default we assume `custom` (custom project role) instead, which should help in terms of backwards compatibility. ### Delete role When we delete a custom role we try to help the end user make an informed decision by listing all the entities which currently use this custom root role: ![image](https://github.com/Unleash/unleash/assets/14320932/352ed529-76be-47a8-88da-5e924fb191d4) ~~As mentioned in the screenshot, when deleting a custom role, we demote all entities associated with it to the predefined `Viewer` role.~~ **EDIT**: Apparently we currently block this from the API (access-service deleteRole) with a message: ![image](https://github.com/Unleash/unleash/assets/14320932/82a8e50f-8dc5-4c18-a2ba-54e2ae91b91c) What should the correct behavior be? ### Role selector I added a new easy-to-use role selector component that is present in: - Users ![image](https://github.com/Unleash/unleash/assets/14320932/76953139-7fb6-437e-b3fa-ace1d9187674) - Service Accounts ![image](https://github.com/Unleash/unleash/assets/14320932/2b80bd55-9abb-4883-b715-15650ae752ea) - Groups ![image](https://github.com/Unleash/unleash/assets/14320932/ab438f7c-2245-4779-b157-2da1689fe402) ### Role description I also added a new role description component that you can see below the dropdown in the selector component, but it's also used to better describe each role in the respective tables: ![image](https://github.com/Unleash/unleash/assets/14320932/a3eecac1-2a34-4500-a68c-e3f62ebfa782) I'm not listing all the permissions of predefined roles. Those simply show the description in the tooltip: ![image](https://github.com/Unleash/unleash/assets/14320932/7e5b2948-45f0-4472-8311-bf533409ba6c) ### Role badge Groups is a bit different, since it uses a list of cards, so I added yet another component - Role badge: ![image](https://github.com/Unleash/unleash/assets/14320932/1d62c3db-072a-4c97-b86f-1d8ebdd3523e) I'm using this same component on the profile tab: ![image](https://github.com/Unleash/unleash/assets/14320932/214272db-a828-444e-8846-4f39b9456bc6) ## Discussion points - Are we being defensive enough with the use of the flag? Should we cover more? - Are we breaking backwards compatibility in any way? - What should we do when removing a role? Block or demote? - Maybe some existing permission-related issues will surface with this change: Are we being specific enough with our permissions? A lot of places are simply checking for `ADMIN`; - We may want to get rid of the API roles coupling we have with the users and SAs and instead use the new hooks (e.g. `useRoles`) explicitly; - We should update the docs; - Maybe we could allow the user to add a custom role directly from the role selector component; --------- Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-06-14 15:40:40 +02:00
import { createTestConfig } from '../../test/config/test-config';
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
import { CUSTOM_ROOT_ROLE_TYPE } from '../util/constants';
fix: deletion validation didnt account for groups (#4441) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Fixes an issue where project role deletion validation didn't validate against project roles being connected to groups
2023-08-08 13:45:19 +02:00
import FakeGroupStore from '../../test/fixtures/fake-group-store';
import { FakeAccountStore } from '../../test/fixtures/fake-account-store';
import FakeRoleStore from '../../test/fixtures/fake-role-store';
refactor: feature oriented architecture for project-environment (#5510)
2023-12-01 12:41:46 +01:00
import FakeEnvironmentStore from '../features/project-environments/fake-environment-store';
fix: deletion validation didnt account for groups (#4441) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Fixes an issue where project role deletion validation didn't validate against project roles being connected to groups
2023-08-08 13:45:19 +02:00
import AccessStoreMock from '../../test/fixtures/fake-access-store';
import { GroupService } from '../services/group-service';
chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit.
2024-03-18 13:58:05 +01:00
import type { IRole } from '../../lib/types/stores/access-store';
feat: use audit info in events (#6872) I've tried to use/add the audit info to all events I could see/find. This makes this PR necessarily huge, because we do store quite a few events. I realise it might not be complete yet, but tests run green, and I think we now have a pattern to follow for other events.
2024-04-18 16:32:35 +02:00
import {
type IGroup,
ROLE_CREATED,
SYSTEM_USER,
SYSTEM_USER_AUDIT,
} from '../../lib/types';
fix: return 400 on invalid POST data to project access endpoint (#5610) This PR fixes the issue discussed in SR-234, where you would get a 200 OK response even if your POST request to `/api/admin/projects/<project-name>/access` contains invalid data (and nothing is persisted).
2023-12-12 14:46:23 +01:00
import BadDataError from '../../lib/error/bad-data-error';
chore: centralize events service creation (#5910) ## About the changes EventsService is a dependency in most of our services. This creates helper methods to create them easily and replace a few places where we're creating them manually
2024-01-16 13:11:28 +01:00
import { createFakeEventsService } from '../../lib/features/events/createEventsService';
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
chore: clean up customRootRolesKillSwitch (#6173) https://linear.app/unleash/issue/2-1308/remove-customrootroleskillswitch-flag Cleans up the `customRootRolesKillSwitch` flag.
2024-02-09 09:41:40 +01:00
function getSetup() {
feat: custom root roles (#3975) ## About the changes Implements custom root roles, encompassing a lot of different areas of the project, and slightly refactoring the current roles logic. It includes quite a clean up. This feature itself is behind a flag: `customRootRoles` This feature covers root roles in: - Users; - Service Accounts; - Groups; Apologies in advance. I may have gotten a bit carried away 🙈 ### Roles We now have a new admin tab called "Roles" where we can see all root roles and manage custom ones. We are not allowed to edit or remove *predefined* roles. ![image](https://github.com/Unleash/unleash/assets/14320932/1ad8695c-8c3f-440d-ac32-39746720d588) This meant slightly pushing away the existing roles to `project-roles` instead. One idea we want to explore in the future is to unify both types of roles in the UI instead of having 2 separate tabs. This includes modernizing project roles to fit more into our current design and decisions. Hovering the permissions cell expands detailed information about the role: ![image](https://github.com/Unleash/unleash/assets/14320932/81c4aae7-8b4d-4cb4-92d1-8f1bc3ef1f2a) ### Create and edit role Here's how the role form looks like (create / edit): ![image](https://github.com/Unleash/unleash/assets/14320932/85baec29-bb10-48c5-a207-b3e9a8de838a) Here I categorized permissions so it's easier to visualize and manage from a UX perspective. I'm using the same endpoint as before. I tried to unify the logic and get rid of the `projectRole` specific hooks. What distinguishes custom root roles from custom project roles is the extra `root-custom` type we see on the payload. By default we assume `custom` (custom project role) instead, which should help in terms of backwards compatibility. ### Delete role When we delete a custom role we try to help the end user make an informed decision by listing all the entities which currently use this custom root role: ![image](https://github.com/Unleash/unleash/assets/14320932/352ed529-76be-47a8-88da-5e924fb191d4) ~~As mentioned in the screenshot, when deleting a custom role, we demote all entities associated with it to the predefined `Viewer` role.~~ **EDIT**: Apparently we currently block this from the API (access-service deleteRole) with a message: ![image](https://github.com/Unleash/unleash/assets/14320932/82a8e50f-8dc5-4c18-a2ba-54e2ae91b91c) What should the correct behavior be? ### Role selector I added a new easy-to-use role selector component that is present in: - Users ![image](https://github.com/Unleash/unleash/assets/14320932/76953139-7fb6-437e-b3fa-ace1d9187674) - Service Accounts ![image](https://github.com/Unleash/unleash/assets/14320932/2b80bd55-9abb-4883-b715-15650ae752ea) - Groups ![image](https://github.com/Unleash/unleash/assets/14320932/ab438f7c-2245-4779-b157-2da1689fe402) ### Role description I also added a new role description component that you can see below the dropdown in the selector component, but it's also used to better describe each role in the respective tables: ![image](https://github.com/Unleash/unleash/assets/14320932/a3eecac1-2a34-4500-a68c-e3f62ebfa782) I'm not listing all the permissions of predefined roles. Those simply show the description in the tooltip: ![image](https://github.com/Unleash/unleash/assets/14320932/7e5b2948-45f0-4472-8311-bf533409ba6c) ### Role badge Groups is a bit different, since it uses a list of cards, so I added yet another component - Role badge: ![image](https://github.com/Unleash/unleash/assets/14320932/1d62c3db-072a-4c97-b86f-1d8ebdd3523e) I'm using this same component on the profile tab: ![image](https://github.com/Unleash/unleash/assets/14320932/214272db-a828-444e-8846-4f39b9456bc6) ## Discussion points - Are we being defensive enough with the use of the flag? Should we cover more? - Are we breaking backwards compatibility in any way? - What should we do when removing a role? Block or demote? - Maybe some existing permission-related issues will surface with this change: Are we being specific enough with our permissions? A lot of places are simply checking for `ADMIN`; - We may want to get rid of the API roles coupling we have with the users and SAs and instead use the new hooks (e.g. `useRoles`) explicitly; - We should update the docs; - Maybe we could allow the user to add a custom role directly from the role selector component; --------- Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-06-14 15:40:40 +02:00
const config = createTestConfig({
getLogger,
});
feat: audit roles (#5408) ## About the changes Audit changes to roles both root and project roles.
2023-11-24 14:22:31 +01:00
return createFakeAccessService(config);
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
}
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
test('should fail when name exists', async () => {
const { accessService } = getSetup();
feat: use audit info in events (#6872) I've tried to use/add the audit info to all events I could see/find. This makes this PR necessarily huge, because we do store quite a few events. I realise it might not be complete yet, but tests run green, and I think we now have a pattern to follow for other events.
2024-04-18 16:32:35 +02:00
const existingRole = await accessService.createRole(
{
name: 'existing role',
description: 'description',
permissions: [],
createdByUserId: -9999,
},
SYSTEM_USER_AUDIT,
);
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
expect(accessService.validateRole(existingRole)).rejects.toThrow(
new NameExistsError(
`There already exists a role with the name ${existingRole.name}`,
),
);
});
test('should validate a role without permissions', async () => {
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
const { accessService } = getSetup();
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
const withoutPermissions: IRoleValidation = {
name: 'name of the role',
description: 'description',
};
expect(await accessService.validateRole(withoutPermissions)).toEqual(
withoutPermissions,
);
});
test('should complete description field when not present', async () => {
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
const { accessService } = getSetup();
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
const withoutDescription: IRoleValidation = {
name: 'name of the role',
};
expect(await accessService.validateRole(withoutDescription)).toEqual({
name: 'name of the role',
description: '',
});
});
test('should accept empty permissions', async () => {
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
const { accessService } = getSetup();
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
const withEmptyPermissions: IRoleValidation = {
name: 'name of the role',
description: 'description',
permissions: [],
};
expect(await accessService.validateRole(withEmptyPermissions)).toEqual({
name: 'name of the role',
description: 'description',
permissions: [],
});
});
test('should complete environment field of permissions when not present', async () => {
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
const { accessService } = getSetup();
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
const withoutEnvironmentInPermissions: IRoleValidation = {
name: 'name of the role',
description: 'description',
permissions: [
{
id: 1,
},
],
};
expect(
await accessService.validateRole(withoutEnvironmentInPermissions),
).toEqual({
name: 'name of the role',
description: 'description',
permissions: [
{
id: 1,
environment: '',
},
],
});
});
test('should return the same object when all fields are valid and present', async () => {
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
const { accessService } = getSetup();
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
const roleWithAllFields: IRoleValidation = {
name: 'name of the role',
description: 'description',
permissions: [
{
id: 1,
environment: 'development',
},
],
};
expect(await accessService.validateRole(roleWithAllFields)).toEqual({
name: 'name of the role',
description: 'description',
permissions: [
{
id: 1,
environment: 'development',
},
],
});
});
test('should be able to validate and cleanup with additional properties', async () => {
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
const { accessService } = getSetup();
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
const base = {
name: 'name of the role',
description: 'description',
additional: 'property',
permissions: [
{
id: 1,
environment: 'development',
name: 'name',
displayName: 'displayName',
type: 'type',
additional: 'property',
},
],
};
expect(await accessService.validateRole(base)).toEqual({
name: 'name of the role',
description: 'description',
permissions: [
{
id: 1,
chore: Improve access service iter 2 (#4779) ## About the changes In https://github.com/Unleash/unleash/pull/4689 I forgot to add backward compatibility for a public method that was being used in Enterprise.
2023-09-19 16:15:27 +02:00
name: 'name',
chore: type improvements (#1941) Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
environment: 'development',
},
],
});
});
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
test('user with custom root role should get a user root role', async () => {
chore: clean up customRootRolesKillSwitch (#6173) https://linear.app/unleash/issue/2-1308/remove-customrootroleskillswitch-flag Cleans up the `customRootRolesKillSwitch` flag.
2024-02-09 09:41:40 +01:00
const { accessService, eventStore } = getSetup();
feat: audit roles (#5408) ## About the changes Audit changes to roles both root and project roles.
2023-11-24 14:22:31 +01:00
const createRoleInput: IRoleCreation = {
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
name: 'custom-root-role',
description: 'test custom root role',
type: CUSTOM_ROOT_ROLE_TYPE,
feat: adds created_by_user_id to all events (#5619) ### What Adds `createdByUserId` to all events exposed by unleash. In addition this PR updates all tests and usages of the methods in this codebase to include the required number.
2023-12-14 13:45:25 +01:00
createdByUserId: -9999,
feat: audit roles (#5408) ## About the changes Audit changes to roles both root and project roles.
2023-11-24 14:22:31 +01:00
permissions: [
{
id: 1,
environment: 'development',
name: 'fake',
},
{
name: 'root-fake-permission',
},
],
};
feat: use audit info in events (#6872) I've tried to use/add the audit info to all events I could see/find. This makes this PR necessarily huge, because we do store quite a few events. I realise it might not be complete yet, but tests run green, and I think we now have a pattern to follow for other events.
2024-04-18 16:32:35 +02:00
const customRootRole = await accessService.createRole(
createRoleInput,
SYSTEM_USER_AUDIT,
);
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
const user = {
id: 1,
rootRole: customRootRole.id,
};
await accessService.setUserRootRole(user.id, customRootRole.id);
fix: User audit events (create, update, delete) should include rootRole. (#5399) Audit events for USER_CREATE, USER_UPDATE and USER_DELETE did not include the users rootRole. ![image](https://github.com/Unleash/unleash/assets/158948/fcbc1407-e4f0-438f-86cf-7073205cd8c2) --------- Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-11-24 16:06:37 +01:00
const role = await accessService.getRootRoleForUser(user.id);
expect(role.name).toBe('custom-root-role');
feat: audit roles (#5408) ## About the changes Audit changes to roles both root and project roles.
2023-11-24 14:22:31 +01:00
const events = await eventStore.getEvents();
expect(events).toHaveLength(1);
expect(events[0]).toEqual({
type: ROLE_CREATED,
feat: use audit info in events (#6872) I've tried to use/add the audit info to all events I could see/find. This makes this PR necessarily huge, because we do store quite a few events. I realise it might not be complete yet, but tests run green, and I think we now have a pattern to follow for other events.
2024-04-18 16:32:35 +02:00
createdBy: SYSTEM_USER_AUDIT.username,
createdByUserId: SYSTEM_USER.id,
ip: SYSTEM_USER_AUDIT.ip,
feat: audit roles (#5408) ## About the changes Audit changes to roles both root and project roles.
2023-11-24 14:22:31 +01:00
data: {
id: 0,
name: 'custom-root-role',
description: 'test custom root role',
type: CUSTOM_ROOT_ROLE_TYPE,
// make sure we have a cleaned up version of permissions in the event
permissions: [
{ environment: 'development', name: 'fake' },
feat: use audit info in events (#6872) I've tried to use/add the audit info to all events I could see/find. This makes this PR necessarily huge, because we do store quite a few events. I realise it might not be complete yet, but tests run green, and I think we now have a pattern to follow for other events.
2024-04-18 16:32:35 +02:00
{ name: 'root-fake-permission', environment: undefined },
feat: audit roles (#5408) ## About the changes Audit changes to roles both root and project roles.
2023-11-24 14:22:31 +01:00
],
},
});
fix: fetching user root roles include custom ones (#4068) ## About the changes `getUserRootRoles` should also consider custom root roles This introduces test cases that unveiled a dependency between stores (this happens actually at the DB layer having access-service access tables from two different stores but skipping the store layer). https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api --------- Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 16:42:01 +02:00
});
fix: deletion validation didnt account for groups (#4441) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Fixes an issue where project role deletion validation didn't validate against project roles being connected to groups
2023-08-08 13:45:19 +02:00
test('throws error when trying to delete a project role in use by group', async () => {
const groupIdResultOverride = async (): Promise<number[]> => {
return [1];
};
const config = createTestConfig({
getLogger,
});
const groupStore = new FakeGroupStore();
groupStore.getAllWithId = async (): Promise<IGroup[]> => {
fix: group roles assumption, refactor group types (#4576) Does what it says on the tin, should help with cleaning up https://github.com/Unleash/unleash/pull/4512 and respective schema changes. --------- Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-09-05 21:30:20 +02:00
return [{ id: 1, name: 'group' }];
fix: deletion validation didnt account for groups (#4441) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Fixes an issue where project role deletion validation didn't validate against project roles being connected to groups
2023-08-08 13:45:19 +02:00
};
const accountStore = new FakeAccountStore();
const roleStore = new FakeRoleStore();
const environmentStore = new FakeEnvironmentStore();
const accessStore = new AccessStoreMock();
accessStore.getGroupIdsForRole = groupIdResultOverride;
accessStore.getUserIdsForRole = async (): Promise<number[]> => {
return [];
};
accessStore.get = async (): Promise<IRole> => {
return { id: 1, type: 'custom', name: 'project role' };
};
chore: centralize events service creation (#5910) ## About the changes EventsService is a dependency in most of our services. This creates helper methods to create them easily and replace a few places where we're creating them manually
2024-01-16 13:11:28 +01:00
const eventService = createFakeEventsService(config);
fix: deletion validation didnt account for groups (#4441) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Fixes an issue where project role deletion validation didn't validate against project roles being connected to groups
2023-08-08 13:45:19 +02:00
const groupService = new GroupService(
refactor: prefer eventService.storeEvent methods (#4830) https://linear.app/unleash/issue/2-1403/consider-refactoring-the-way-tags-are-fetched-for-the-events This adds 2 methods to `EventService`: - `storeEvent`; - `storeEvents`; This allows us to run event-specific logic inside these methods. In the case of this PR, this means fetching the feature tags in case the event contains a `featureName` and there are no tags specified in the event. This prevents us from having to remember to fetch the tags in order to store feature-related events except for very specific cases, like the deletion of a feature - You can't fetch tags for a feature that no longer exists, so in that case we need to pre-fetch the tags before deleting the feature. This also allows us to do any event-specific post-processing to the event before reaching the DB layer. In general I think it's also nicer that we reference the event service instead of the event store directly. There's a lot of changes and a lot of files touched, but most of it is boilerplate to inject the `eventService` where needed instead of using the `eventStore` directly. Hopefully this will be a better approach than https://github.com/Unleash/unleash/pull/4729 --------- Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-09-27 15:23:05 +02:00
{ groupStore, accountStore },
fix: deletion validation didnt account for groups (#4441) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Fixes an issue where project role deletion validation didn't validate against project roles being connected to groups
2023-08-08 13:45:19 +02:00
{ getLogger },
refactor: prefer eventService.storeEvent methods (#4830) https://linear.app/unleash/issue/2-1403/consider-refactoring-the-way-tags-are-fetched-for-the-events This adds 2 methods to `EventService`: - `storeEvent`; - `storeEvents`; This allows us to run event-specific logic inside these methods. In the case of this PR, this means fetching the feature tags in case the event contains a `featureName` and there are no tags specified in the event. This prevents us from having to remember to fetch the tags in order to store feature-related events except for very specific cases, like the deletion of a feature - You can't fetch tags for a feature that no longer exists, so in that case we need to pre-fetch the tags before deleting the feature. This also allows us to do any event-specific post-processing to the event before reaching the DB layer. In general I think it's also nicer that we reference the event service instead of the event store directly. There's a lot of changes and a lot of files touched, but most of it is boilerplate to inject the `eventService` where needed instead of using the `eventStore` directly. Hopefully this will be a better approach than https://github.com/Unleash/unleash/pull/4729 --------- Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-09-27 15:23:05 +02:00
eventService,
fix: deletion validation didnt account for groups (#4441) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Fixes an issue where project role deletion validation didn't validate against project roles being connected to groups
2023-08-08 13:45:19 +02:00
);
const accessService = new AccessService(
{
accessStore,
accountStore,
roleStore,
environmentStore,
},
config,
groupService,
feat: audit roles (#5408) ## About the changes Audit changes to roles both root and project roles.
2023-11-24 14:22:31 +01:00
eventService,
fix: deletion validation didnt account for groups (#4441) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Fixes an issue where project role deletion validation didn't validate against project roles being connected to groups
2023-08-08 13:45:19 +02:00
);
try {
feat: use audit info in events (#6872) I've tried to use/add the audit info to all events I could see/find. This makes this PR necessarily huge, because we do store quite a few events. I realise it might not be complete yet, but tests run green, and I think we now have a pattern to follow for other events.
2024-04-18 16:32:35 +02:00
await accessService.deleteRole(1, SYSTEM_USER_AUDIT);
fix: deletion validation didnt account for groups (#4441) <!-- Thanks for creating a PR! To make it easier for reviewers and everyone else to understand what your changes relate to, please add some relevant content to the headings below. Feel free to ignore or delete sections that you don't think are relevant. Thank you! ❤️ --> ## About the changes <!-- Describe the changes introduced. What are they and why are they being introduced? Feel free to also add screenshots or steps to view the changes if they're visual. --> Fixes an issue where project role deletion validation didn't validate against project roles being connected to groups
2023-08-08 13:45:19 +02:00
} catch (e) {
expect(e.toString()).toBe(
'RoleInUseError: Role is in use by users(0) or groups(1). You cannot delete a role that is in use without first removing the role from the users and groups.',
);
}
});
fix: return 400 on invalid POST data to project access endpoint (#5610) This PR fixes the issue discussed in SR-234, where you would get a 200 OK response even if your POST request to `/api/admin/projects/<project-name>/access` contains invalid data (and nothing is persisted).
2023-12-12 14:46:23 +01:00
describe('addAccessToProject', () => {
test('should throw an error when you try add access with an empty list of roles', async () => {
const { accessService } = getSetup();
await expect(() =>
accessService.addAccessToProject(
[],
[1],
[1],
'projectId',
'createdBy',
),
).rejects.toThrow(BadDataError);
});
});
Reference in New Issue Copy Permalink